package dk.gov.oio.saml.session.inmemory;

import dk.gov.oio.saml.audit.AuditService;
import dk.gov.oio.saml.service.OIOSAML3Service;
import dk.gov.oio.saml.session.AssertionWrapper;
import dk.gov.oio.saml.session.AuthnRequestWrapper;
import dk.gov.oio.saml.session.LogoutRequestWrapper;
import dk.gov.oio.saml.session.SessionHandler;
import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.StringUtil;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentSkipListSet;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dk/gov/oio/saml/session/inmemory/InMemorySessionHandler.class */
public class InMemorySessionHandler implements SessionHandler {
    private static final Logger log = LoggerFactory.getLogger(InMemorySessionHandler.class);
    private int sessionHandlerNumTrackedSessionIds;
    private final Map<String, TimeOutWrapper<AuthnRequestWrapper>> authnRequests = new ConcurrentHashMap();
    private final Map<String, TimeOutWrapper<AssertionWrapper>> assertions = new ConcurrentHashMap();
    private final Map<String, TimeOutWrapper<LogoutRequestWrapper>> logoutRequests = new ConcurrentHashMap();
    private final Map<String, TimeOutWrapper<String>> sessionIndexMap = new ConcurrentHashMap();
    private final ConcurrentSkipListSet<String> usedAssertionIds = new ConcurrentSkipListSet<>();

    public InMemorySessionHandler(int i) {
        this.sessionHandlerNumTrackedSessionIds = i;
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public void storeAuthnRequest(HttpSession httpSession, AuthnRequestWrapper authnRequestWrapper) throws InternalException {
        if (null == authnRequestWrapper || null == authnRequestWrapper.getId()) {
            log.warn("Ignore AuthRequest with null value or missing ID");
            return;
        }
        AuthnRequestWrapper authnRequest = getAuthnRequest(httpSession);
        if (null != authnRequest) {
            log.debug("AuthRequest '{}' will replace '{}'", authnRequestWrapper.getId(), authnRequest.getId());
        }
        log.debug("Store AuthRequest '{}'", authnRequestWrapper.getId());
        this.authnRequests.put(getSessionId(httpSession), new TimeOutWrapper<>(authnRequestWrapper));
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public void storeAssertion(HttpSession httpSession, AssertionWrapper assertionWrapper) {
        if (null == assertionWrapper || StringUtil.isEmpty(assertionWrapper.getID())) {
            log.warn("Ignore Assertion with null value or missing ID");
            return;
        }
        if (StringUtil.isEmpty(assertionWrapper.getSessionIndex())) {
            log.info("Assertion '{}' with passive session and missing index", assertionWrapper.getID());
        }
        if (this.usedAssertionIds.contains(assertionWrapper.getID())) {
            log.warn("Assertion '{}' is being replayed", assertionWrapper.getID());
            throw new IllegalArgumentException(String.format("Assertion ID being replayed: '%s'", assertionWrapper.getID()));
        }
        this.usedAssertionIds.add(assertionWrapper.getID());
        AssertionWrapper assertion = getAssertion(httpSession);
        if (null != assertion) {
            if (assertionWrapper.isReplayOf(assertion)) {
                log.debug("Assertion '{}' is being replayed", assertionWrapper.getID(), assertion.getID());
                throw new IllegalArgumentException(String.format("Assertion with id '%s' and session index '%s' is already registered", assertionWrapper.getID(), assertionWrapper.getSessionIndex()));
            }
            log.debug("Assertion '{}' will replace '{}'", assertionWrapper.getID(), assertion.getID());
            this.sessionIndexMap.remove(StringUtil.defaultIfEmpty(assertion.getSessionIndex(), assertion.getID()));
        }
        log.debug("Store Assertion '{}'", assertionWrapper.getID());
        this.assertions.put(getSessionId(httpSession), new TimeOutWrapper<>(assertionWrapper));
        this.sessionIndexMap.put(StringUtil.defaultIfEmpty(assertionWrapper.getSessionIndex(), assertionWrapper.getID()), new TimeOutWrapper<>(getSessionId(httpSession)));
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public void storeLogoutRequest(HttpSession httpSession, LogoutRequestWrapper logoutRequestWrapper) {
        if (null == logoutRequestWrapper || null == logoutRequestWrapper.getID()) {
            log.warn("Ignore LogoutRequest with null value or missing ID");
            return;
        }
        LogoutRequestWrapper logoutRequest = getLogoutRequest(httpSession);
        if (null != logoutRequest) {
            log.debug("LogoutRequest '{}' will replace '{}'", logoutRequestWrapper.getID(), logoutRequest.getID());
        }
        log.debug("Store LogoutRequest '{}'", logoutRequestWrapper.getID());
        this.logoutRequests.put(getSessionId(httpSession), new TimeOutWrapper<>(logoutRequestWrapper));
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public AuthnRequestWrapper getAuthnRequest(HttpSession httpSession) {
        TimeOutWrapper<AuthnRequestWrapper> timeOutWrapper = this.authnRequests.get(getSessionId(httpSession));
        if (null == timeOutWrapper || null == timeOutWrapper.getObject()) {
            return null;
        }
        log.debug("Get AuthnRequest from the current session '{}'", getSessionId(httpSession));
        timeOutWrapper.setAccesstime();
        return timeOutWrapper.getObject();
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public AssertionWrapper getAssertion(HttpSession httpSession) {
        TimeOutWrapper<AssertionWrapper> timeOutWrapper = this.assertions.get(getSessionId(httpSession));
        if (null == timeOutWrapper || null == timeOutWrapper.getObject()) {
            return null;
        }
        log.debug("Get AssertionWrapper from the current session '{}'", getSessionId(httpSession));
        timeOutWrapper.setAccesstime();
        return timeOutWrapper.getObject();
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public AssertionWrapper getAssertion(String str) {
        if (null == str || !this.sessionIndexMap.containsKey(str)) {
            log.debug("Session index '{}' is missing", str);
            return null;
        }
        String object = this.sessionIndexMap.get(str).getObject();
        TimeOutWrapper<AssertionWrapper> timeOutWrapper = this.assertions.get(object);
        if (null == timeOutWrapper || null == timeOutWrapper.getObject()) {
            return null;
        }
        log.debug("Get AssertionWrapper from the session '{}' with sessionIndex '{}'", object, str);
        timeOutWrapper.setAccesstime();
        return timeOutWrapper.getObject();
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public LogoutRequestWrapper getLogoutRequest(HttpSession httpSession) {
        TimeOutWrapper<LogoutRequestWrapper> timeOutWrapper = this.logoutRequests.get(getSessionId(httpSession));
        if (null == timeOutWrapper || null == timeOutWrapper.getObject()) {
            return null;
        }
        log.debug("Get LogoutRequestWrapper from the current session '{}'", getSessionId(httpSession));
        timeOutWrapper.setAccesstime();
        return timeOutWrapper.getObject();
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public String getSessionId(String str) {
        if (StringUtil.isEmpty(str) || !this.sessionIndexMap.containsKey(str)) {
            return null;
        }
        return this.sessionIndexMap.get(str).getObject();
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public void logout(HttpSession httpSession, AssertionWrapper assertionWrapper) {
        log.debug("Logout from session '{}' and assertion '{}'", null != httpSession ? getSessionId(httpSession) : "", null != assertionWrapper ? assertionWrapper.getID() : "");
        if (null != assertionWrapper && StringUtil.isNotEmpty(assertionWrapper.getSessionIndex())) {
            logout(getSessionId(assertionWrapper.getSessionIndex()));
        }
        logout(getSessionId(httpSession));
    }

    @Override // dk.gov.oio.saml.session.SessionHandler
    public void cleanup(long j) {
        while (!this.usedAssertionIds.isEmpty() && this.usedAssertionIds.size() > this.sessionHandlerNumTrackedSessionIds) {
            this.usedAssertionIds.remove(this.usedAssertionIds.pollFirst());
        }
        cleanup(this.sessionIndexMap, j, "SessionIndexMap");
        cleanup(this.assertions, j, "Assertions");
        cleanup(this.authnRequests, j, "AuthnRequests");
        cleanup(this.logoutRequests, j, "LogoutRequests");
    }

    private <E, T> void cleanup(Map<E, TimeOutWrapper<T>> map, long j, String str) {
        log.debug("Running cleanup timer on {}", map);
        for (E e : map.keySet()) {
            TimeOutWrapper<T> timeOutWrapper = map.get(e);
            if (timeOutWrapper.isExpired(j)) {
                log.debug("Expiring {}", timeOutWrapper);
                if (timeOutWrapper.getObject() instanceof AssertionWrapper) {
                    OIOSAML3Service.getAuditService().auditLog(new AuditService.Builder().withAuthnAttribute("ACTION", "TIMEOUT").withAuthnAttribute("DESCRIPTION", "SessionDestroyed").withAuthnAttribute("SP_SESSION_ID", String.valueOf(e)).withAuthnAttribute("ASSERTION_ID", ((AssertionWrapper) timeOutWrapper.getObject()).getID()).withAuthnAttribute("SUBJECT_NAME_ID", ((AssertionWrapper) timeOutWrapper.getObject()).getSubjectNameId()));
                }
                map.remove(e);
            }
        }
    }

    private void logout(String str) {
        log.debug("Invalidate OIOSAML session '{}'", str);
        if (StringUtil.isEmpty(str) || !this.assertions.containsKey(str)) {
            return;
        }
        this.sessionIndexMap.remove(this.assertions.get(str).getObject().getSessionIndex());
        this.assertions.remove(str);
    }
}
